form-builder

Security checks across malware telemetry and agentic risk

Overview

This form-building skill has a legitimate purpose, but it exposes a database password and directs database writes without adequate controls.

Review carefully before installing. Do not use this with any real RoadFlow database until the exposed password is removed and rotated, database access is moved to secure runtime configuration, and a least-privilege account is used. Require explicit user confirmation and review before any insert or update to roadflow.rf_form, and do not rely on the generated client-side validators for security-sensitive checks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding
The skill embeds live PostgreSQL connection details including host, port, username, and password directly in documentation. This is a real secret disclosure vulnerability because anyone with access to the skill can reuse those credentials to connect to the internal roadflow database, enabling unauthorized data access or modification beyond the stated form-generation purpose.

Intent-Code Divergence

Severity: Medium
Confidence: 93%
Finding
The code advertises file upload validation in the validator factory, but the generated runtime validation function later returns true with a TODO and performs no actual file size or type enforcement. This can cause developers to rely on client-side protections that are silently absent, allowing disallowed files to pass UI validation and increasing the chance of unsafe uploads if server-side checks are weak or missing.

Intent-Code Divergence

Severity: Medium
Confidence: 90%
Finding
The comment claims asynchronous API validation for checks like username or email uniqueness, but the function always returns true. This creates a deceptive security/control gap where callers may believe server-backed validation exists when in practice every value is accepted.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
Exposing internal database connection details without safeguards or warning materially increases attack surface by disclosing both credentials and network topology. In this skill context, the danger is heightened because the skill explicitly encourages direct interaction with a production-like form database, making the leaked information immediately actionable for unauthorized access.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The skill instructs the agent to query existing records, read full form contents, and copy or modify them into new forms without any warning about data sensitivity, authorization, or content review. This creates a genuine risk of propagating sensitive data, insecure markup, embedded scripts, or proprietary business logic from existing database records into newly generated artifacts.

VirusTotal

64/64 vendors flagged this skill as clean.